This is an automated email from the ASF dual-hosted git repository. nic pushed a commit to branch 2.6.x in repository https://gitbox.apache.org/repos/asf/kylin.git
The following commit(s) were added to refs/heads/2.6.x by this push: new a75fb4c KYLIN-4481 Project-level ACL lookups not working for non-admin SAML-federated users a75fb4c is described below commit a75fb4c6942fe3c0d610cdab91191b4a8895dd53 Author: andrewcheng <andrewch...@tencent.com> AuthorDate: Thu May 7 16:27:44 2020 +0800 KYLIN-4481 Project-level ACL lookups not working for non-admin SAML-federated users
---
 .../apache/kylin/rest/security/SAMLUserDetailsService.java | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/server-base/src/main/java/org/apache/kylin/rest/security/SAMLUserDetailsService.java b/server-base/src/main/java/org/apache/kylin/rest/security/SAMLUserDetailsService.java
index 24f8243..29583ff 100644
--- a/server-base/src/main/java/org/apache/kylin/rest/security/SAMLUserDetailsService.java
+++ b/server-base/src/main/java/org/apache/kylin/rest/security/SAMLUserDetailsService.java
@@ -22,6 +22,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.ldap.userdetails.LdapUserDetailsImpl;
 import org.springframework.security.ldap.userdetails.LdapUserDetailsService;
 import org.springframework.security.saml.SAMLCredential;
@@ -46,6 +47,16 @@ public class SAMLUserDetailsService implements org.springframework.security.saml
 UserDetails userDetails = null;
 try {
 userDetails = ldapUserDetailsService.loadUserByUsername(userName);
+ if (userDetails instanceof LdapUserDetailsImpl) {
+ LdapUserDetailsImpl.Essence essence = new LdapUserDetailsImpl.Essence();
+ essence.setDn(((LdapUserDetailsImpl) userDetails).getDn());
+ essence.setUsername(userEmail);
+ essence.setPassword(userDetails.getPassword());
+ essence.setAuthorities(userDetails.getAuthorities());
+ essence.setTimeBeforeExpiration(((LdapUserDetailsImpl) userDetails).getTimeBeforeExpiration());
+ essence.setGraceLoginsRemaining(((LdapUserDetailsImpl) userDetails).getGraceLoginsRemaining());
+ userDetails = essence.createUserDetails();
+ }
 } catch (org.springframework.security.core.userdetails.UsernameNotFoundException e) {
 logger.error("User not found in LDAP, check whether he/she has been added to the groups.", e);
 }
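Review bot: The hand-written copy into `LdapUserDetailsImpl.Essence` leaves out the account-status flags (`isEnabled`, `isAccountNonLocked`, `isAccountNonExpired`, `isCredentialsNonExpired`), so the rebuilt principal falls back to the Essence defaults whatever the LDAP lookup returned; if the configured mapper sets any of them, a disabled or locked account would come out as active. Starting from the copy constructor keeps them: `LdapUserDetailsImpl.Essence essence = new LdapUserDetailsImpl.Essence((LdapUserDetailsImpl) userDetails);` followed by `essence.setUsername(userEmail);` and the two password-policy setters. `createUserDetails()` also rejects a null username with an exception that the `UsernameNotFoundException` catch below does not handle, so `userEmail` should be checked before this block; the enclosing method starts and ends outside the hunk, and where `userEmail` is assigned is not visible here. A short comment such as `// principal name must be the SAML email so project ACL lookups match; authorities still come from the LDAP entry found via userName` would record why the name is swapped.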